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Abstract 

We consider the problem of constructing dense lattices of R™ with a given non trivial 
automorphism group. We exhibit a family of such lattices of density at least cn2~ n , which 
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■ matches, up to a multiplicative constant, the best known density of a lattice packing. 

For an infinite sequence of dimensions n, we exhibit a finite set of lattices that come 
with an automorphism group of size n, and a constant proportion of which achieves the 
aforementioned lower bound on the largest packing density. The algorithmic complexity 
for exhibiting a basis of such a lattice is of order exp(nlogn), which improves upon 
previous theorems that yield an equivalent lattice packing density. The method developed 
here involves applying Leech and Sloane's Construction A to a special class of codes with 
| a given automorphism group, namely the class of double circulant codes. 
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1 Introduction 

A lattice packing of Euclidean balls in M. n is a family of disjoint Euclidean balls of equal 
radius centered on the points of some non degenerate lattice. The proportion of the space 
covered by these Euclidean balls is called the density of the packing. When balls of volume 
V are packed by a lattice A, the corresponding density is V. det(A)^ 1 , where det(A) denotes 
the determinant of the lattice, i.e. the volume of a fundamental region. 

The classical Minkowski-Hlawka Theorem states that for n greater than 1 there exist lattice 
packings with density at least 2 1 ~ n C,{n). This lower bound on the lattice packing density was 
later improved by a linear factor to a quantity of the form cn2~ n for constant c. This 
improvement is originally due to Rogers :8: with c = 2e~ 1 . The constant c was successively 
improved by Davenport and Rogers jSj to c = 1.68 and eventually by Ball 1 to c = 2. 

In the meantime, Rush [2], building upon a technique of Rush and Sloane ^Oj, essentially 
recovered the original Minkowski-Hlawka lower bound on the largest density of a sphere 
packing using coding theory arguments together with the Leech-Sloane Construction A for 
lattices. While this did not achieve the improved density of the form cn2~ n , it had the 
alternative advantage of being more effective than the proofs of the above results. Rush's 
construction exhibits in a natural way a finite number of lattices among which dense ones 
exist. This number, though still too large to be in any way practical, is much smaller than what 
can be derived by applying the original proofs of the results highlighted above: consequently, 
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the algorithmic complexity of Rush's construction is of the form exp{n\ogn) which is a 
substantial improvement over the preceding ones (see j2J, p. 18). 

Recently, the cn2 n improved lower bound on the minimum density was made as effective 
as Rush's lattice construction, with c = 0.01, for (non-lattice) sphere packings by Krivelevich, 
Litsyn and Vardy in [7j . They use an elegant graph theory method that enables them to find 
dense packings with a time (and space) complexity exp(nlogn). 

In this paper, we again make the cn2 n lower bound as effective, with c ~ 0.06, without 
paying the price of losing lattice structure. In fact, the dense lattice packings that we exhibit 
have additional algebraic structure, namely they come together with an automorphism group 
of size n. This additional structure is not a by-product of our method but is an essential 
reason for the improved density. This is a small step towards showing that, in the asymptotic 
setting, algebraic constructions can compete with unstructuredness, and maybe even stand 
out. 

The starting point of our approach is similar to that of ^0] and [0], namely relies upon 
construction A to transform codes in F™ into lattices of M n . The specificity of the Rush-Sloane 
method is to consider codes designed for a metric which is unconventional in F™ but specially 
adapted to the Euclidean metric in M. n . However, instead of indiscriminately looking for the 
best codes for this metric in the whole space F™, we depart from ^Ql |Hj by restricting our 
attention to an exponentially smaller set of codes, namely a class that has a given automor- 
phism group (double circulant codes), and prove that a constant fraction of them yield lattices 
with improved density. Similar codes were also used in a coding theory context to improve 
the classical Gilbert- Varshamov bound for linear codes by a linear factor [3]. Exhibiting a 
lattice basis has algorithmic (time) complexity exp{n\ogn). 

The paper is organized as follows: in Section [21 we show how dense lattices are constructed 
from "dense" codes and we formulate our main results, Theorem ^ and Corollary [21 In 
Section El we show how to obtain good double circulant codes. 



2 From dense codes to dense lattices 

Let S n denote the Euclidean ball of radius 1 in M n , we have: 

V °'< S "> = W (1) 

Let S n (d) denote the Euclidean ball of radius d in M n , so that we have 

Vol (S n (d)) = d n Vol{S n ). 

Let p £ M. be the radius of a Euclidean ball of volume p n ^ 2 for p any positive number, i.e. 
Vol (S n (p)) =p n / 2 . By JTJ) and Stirling's formula we have: 



"=v£ (1+o(1)) (2) 

where o(l) will always be understood to mean a quantity that vanishes as n goes to infinity. 
For A a lattice of dimension n it is customary to define its minimum norm by 

p(A) =min|^^ 2 , (x ir -- ,x n ) G A\{0}| . 
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The lattice A defines a packing of 1" by spheres of Euclidean radius y^/2 and the density 
of this packing is given by: 



Vol (5„(VAt/2)) _ Vol(S n )n 



n/2 

(3) 



det(A) 2 n det(A) ' 

where det(A) stands for the determinant of A. 

From now on let p be a prime. We identify elements z of F p with elements z of Z such 
that 

p-1 p- 1 

< z < . 

2 ~ ~ 2 

With this convention, following jlUl 15]. we introduce the noTui of a vector x — * * * ? ^n) 
in F™ as the non-negative real number 



l X l|2 = \Jx\ +---+X 2 . 

Let B nt p(d) denote the set of vectors x G F™ such that | |x 1 1 2 < We shall only be dealing 
with values of d such that d < p/2 so that we shall always have: 

\B njP (d)\ = \z n ns n (d)\ (4) 

hence, by fitting the sphere S n (d) inside a union of n-cubes of volume 1, 

Vol (s n (d- < \B n , p (d)\ < Vol (s n (d+ . (5) 

Let us call a [n, k, d,p] code a fc-dimensional subspace C of F^ such that d equals the minimum 
of the norm ||x||2 of a nonzero codevector x G C. We will refer to d as the minimum norm of 
the code C. 

Recall that Construction A associates to a code C the lattice: 

A P (C) = {(xi, x n ) G II 1 I (x\ mod p, ...,x n mod p) G C}. 

It is readily seen that this lattice has minimum norm ^ = min(d 2 ,p 2 ) and determinant p n ~ k . 
In the following, we will always ensure that d < p so that the [n, fc, code C yields by 
construction A a lattice of M n of norm d 2 with density (j5J) : 

A _ 1 Vol(5 w (d)) 

2« pn—k ' ' 



By © this gives a density 



We shall prove 



> 1 |B WJ> (cQ| / VE 

- 2 n p n-k \ 2d 



(7) 



Theorem 1 There exists a constant c, such that for any n = 2q, q a large enough prime, 
there exists a prime p, n 2 logn < p < (n 2 log 2 n) 5 ' 5 , and an [n,n/2,d,p] code C such that 

\B n , P (d)\ > cnp n ' 2 . 

Furthermore, the automorphism group of C contains a subgroup isomorphic to Z/2Z x Z/gZ. 
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The condition n 2 logn < p in Theorem ^ will ensure that the term (1 + ^/n/2d) n in 
tends to 1 when n tends to infinity. This will enable us to obtain: 

Corollary 2 There exists a constant c, such that for any n = 2q, q a large enough prime, 
there exists a lattice ofMJ 1 with density at least cn/2 n and whose automorphism group contains 
a subgroup isomorphic to Z/2Z x Z/gZ. Such a lattice can be constructed with time complexity 
exp(nlogn)). 

The numerical value of the constant c in Theorem ^ and Corollary |2] can be estimated to 
be at least (2 - l/e)(2 + eV)" 1 « 0.064. 

3 Double circulant codes and random choice 

A p-ary double circulant code is a [2q, q, d,p] linear code C with a parity-check matrix of the 
form H = [I„ | A] where I q is the q x q identity matrix and 



ai 


a 2 • . 


a q 


a q 


a\ . . 


■ a q -i 


(lq-l 


a q . . 


■ a q -2 


a-2 


a 3 . . 


ai 



This simply means that C is the kernel of the mapping xhx *H from ¥p q to ¥ Q P . 

We will only consider the case when q is a prime. Let n = 2q. There is a natural action 
of the group G = Z/2Z x Z/gZ on the space F™ of vectors x = (xi . . . x q , x q+ \ . . . X2 q ) 

G xF™ -» F™ 

I ^ 5-X 

where (0, 1) -x = (x q , x%. . . x q -i, X2 q ,x q+ i, . . . X2q-%) and (1, 0) -x = — x. The double circulant 
code C is invariant under this group action and so is the norm of any vector x. Note that 
construction A applied to the code C will clearly yield a lattice whose automorphism group 
contains G. 

To show that double circulant codes with a large minimum norm d exist, we shall study the 
typical behaviour of d when a double circulant code is chosen at random. We now formalize 
this: 

Consider the random double circulant code C ran d obtained by choosing the the first row of 
A, the vector (oi . . . a q ), with a uniform distribution in Fp. We are interested in the random 
variable X(w) equal to the number of nonzero codevectors of C ran d of norm not more than 
w. In other words we define 

X(w) Yl X * 

xeB„, p (u>)\{0} 

where X x is the Bernoulli random variable equal to 1 if x £ C ran d and equal to zero otherwise. 
Our strategy is to study the maximum value of w for which we can claim P(X(u>) > 0) < 1, 
this will prove the existence of codes of parameters [n, n/2, d > w,p\. 
The core remark is now that, if y = g ■ x, then 

X y = X x . 
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Let now B f n p(vo) be & set of representatives of the orbits of the elements of B n ^p (w), i.e. for 
any x G B n , p (w), \{g ■ x, g G G} D f?' (it?) | = 1. We clearly have X(u>) > if and only if 
X'(w) > where 

X'{w) = X ~ 
*eB^ p (w)\{o} 

Denote by £(x) the length (size) of the orbit of x, i.e. £(x) = #{g ■ x, g G G}. We have 

x6B„, p («;)\{0} V 7 

By writing P(X(w) > 0) = P(X'(w) > 0) < E [X'(w)], together with © we obtain 



(9) 



A|n ||x||2<ui 
£(x)=A 



Since n = 2q = \G\ and q is a prime, possible values of A in @ are 1, 2, q, n. Note that 
£(0) = 1, £(x) = 2 for x of the form x = (a(l, 1, . . . 1), /3(1, 1, . . . 1)) and £(x) > q for all other 
vectors. In fact a closer look shows that £(x) = q is not possible. For this to happen, one of 
the two halves of x, call it y, would have all its q cyclic shifts distinct, and the property that 
— y equals some cyclic shift of y. But then it would be possible to partition the set of cyclic 
shifts of y into pairs of opposite vectors, but q is odd, a contradiction. Therefore Inequality 
© gets rewritten as 



p ( xh>o)< £ ^1+ £ (io) 

x=(q(1,1,...1),/3(1,1,...1)) £(x)=n ' 

0<||x||2<10 0<||x||2<t« 

We now switch to evaluating the right hand side of (|10|) . 



3.1 Syndrome distribution 

We need to study carefully the quantities E [X x ] = P(x G C ran d), for x G B n ^ p (w). For x G F™, 
let us write x = (x£,xr) with x^,x/j G Fp\ Consider the syndrome function a 

a ■ ¥ n -> F g 

x i ^ c( x ) = x*H = ctl(x) + ctr(x) 

where o\l(x) = x^ and o\r(x) = x^'A. 

For any vector u = {uq, . . . , w^-i) of Fp, denote by u(Z) = uq + "Ui^ + • • • + u q -\Z q ~ l its 
polynomial representation in the ring R = Fp[Z]/(Z 9 — 1). For any u G Fp, let C(u) denote 
the cyclic code of length q generated by the polynomial representation of u (i.e. C(u) is the 
ideal generated by u(Z) in the ring R). We have: 

Lemma 3 The right syndrome ctr(x) of any given x G F™ is uniformly distributed in the 
cyclic code C(x^). Therefore, the probability P(x G C ran d) that x is a codevector of the random 
code C mnd is 

• P(x G C rand ) = l/\C(x R )\ if x L G C(x R ), 
. P(x G C rand ) = i/ x L C( XJI ). 
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Proof: A little thought shows that ctr(x) has polynomial representation equal to xr(Z)&(Z), 
where a = (ai, a„, dq-i, • • • , 0,2) is the transpose of the first column of A. Therefore, the image 
of the mapping 

a 1 ^ o- fl (x) 

for fixed x, is the cyclic code C(xr). Since this mapping is linear, every element of C(xr) 
has the same number of preimages (namely Kerip), therefore when the distribution of a is 
uniform in F|, the distribution of <tr(x) is uniform in the code C(x#). I 

3.2 The choice of p and the cyclic codes C(x#) 

The right hand side of 1)10(1 will be easiest to study if there are as few as possible cyclic codes 
in Fp, i.e. if the ring R has as few as possible invertible elements, equivalently if Z q — 1 
has as few as possible divisors in F p [Z]. The next lemma tells us how to ensure this, while 
simultaneously bounding from above the size of p, so as to retain some control over the overall 
contruction complexity. 

Lemma 4 For any n = 2q large enough, there exists a prime p in the range n 2 log n < p < 
(n 2 log 2 n) 5 ' 5 for which the the factorization of Z q — 1 into irreducible polynomials of¥ p [Z] is 

Z q - 1 = (Z - 1)(1 + Z + Z 2 + ■ ■ ■ + z q - x ). 

Proof: We just need to find p in the required range such that (p mod q) is a primitive 
element in Z/gZ. 

Let Q = q 2 p where p is a prime such that 4 log n < p < 4 log 2 n: p exists for q large 
enough, and we have n 2 logn <Q<n 2 log 2 n. 

Let a < q be a positive integer that is a primitive element in Z/gZ. Since g is prime we have 
g 7^ mod p so that we may choose e% £ {1, 2} and £2 £ {0, 1} such that r = (l + £ig)(a + £2g) 
is coprime to p and therefore to Q. Note also that r is smaller than Q for q large enough, not 
prime, and equal to a mod q. By Linnik's Theorem on least primes in arithmetic progressions, 
there exists a prime p such that p = r mod Q and p < Q L for a constant L. We have 
p = r = a mod q. Note that since r is not prime we have Q < p in addition to p < Q^. By 
a result of Heath-Brown |5j we have L < 5.5. I 

For p as in Lemma |1] we therefore have exactly two non-trivial cyclic codes over F p of 
length q, namely C\, the subspace generated by the all-one vector (or the generator polynomial 
1 + Z + • • • + and its dual, C^~, with generator polynomial Z — 1. 

Now Lemma |21 implies that there are exactly two types of non-zero vectors of F p such that 
P(x £ C ran d) is different from zero and from l/p q , namely: 

• vectors x such that x^ £ C\ and x^j £ C\, we call them vectors of type 1. For these 
vectors we have P(x £ C ran d) = 1/p. 

• vectors x such that x^ £ Cj 1 and x/j £ Cj 1 , we call them vectors of type 2. For these 
vectors we have P(x £ C ran d) = \/p q ~ l . 

Next, we study the number of these exceptional vectors to evaluate their contribution to the 
upper bound (|1U|) . 
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3.3 Number of vectors of type 1 and type 2 in B ntP (p) 

Suppose w = p(l + o(l)) where p is denned by S n {p) = p q (see (J2J). Note that in Lemma|| 
we have chosen p such that © implies \fnj p = o(l/n). Therefore, © implies in turn that 

\B n ,pH\ = Vo1 (4H) (1 + O(l)). (11) 

A vector of type 1 in B np (w) is a vector x such that 

x L = a(l, 1, . . . , 1) and x R = (3(1,1, ... ,1). 

The number Ni(w) of possible values of (a, (3) such that ||x||2 < w is, 

miw) = #{(a,(3) G F 2 | a 2 ^ + (3 2 ^ < w 2 }. 

Therefore, for w < (p — l)/2 (which is always going to be satisfied for n large enough and p 
chosen as in Lemma @J), 

o 7 ,,2 

Ni(w) = #{(a,(3) G Z 2 | a 2 + (3 2 < — } 

n 

and, bounding from above by the area of a 2-dimensional disc, 

A | ( It'} _ n j IV \ 

Therefore © gives 

iViM<-(l + o(l)). (12) 

e 

We now switch to evaluating the cardinality A^(it?) of the set A of vectors of type 2 in 
B n ,p(w). Now let .B be the set of vectors y of F™ obtained by the following procedure: 

1. choose x = (xi . . . x n ) G A 

2. choose i, j with l<z<g, g + l<j< 2g 

3. choose two integers l,r such that \l\ < \\^tp\ and |r| < [y 7 ^, where t is a constant to 
be determined later 

4. define y = (y x . . . y n ) by y; = /, = r and y ft = x^ for h ^ i, j. 

We now define the bipartite graph with vertex set A U B by putting an edge between x G j4 
and y G B if y is obtained from B by the above procedure. Let E be the set of edges of 
this graph. The degree of a vertex x G A is clearly q 2 (2\y/tp\ + l) 2 > Atpq 2 so that we have 
\E\ > \A\4tpq 2 . Recall that x is of type 2 means that x\-\-- ■ - + x q = and x q +\ + - ■ - + X2 q = 0. 
Now let y G B. There is at most one way of modifying two given coordinates i, j, 1 < % < q, 
q + 1 < j < 2g, so as to obtain a vector x G A In other words the degree of a vertex y € B 
is at most g 2 and \E\ < \B\q 2 . We have therefore 
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Now notice that if x S A and y £ B are adjacent in the bipartite graph we have 

||y||l < ||x||| + 2|ytpl 2 
so that S C B n> p(w') with u/ = \/w 2 + 2[~y / ip] 2 . Since w = + o(l)), this gives 



u>' = 1(7^1 + 2^/9-2(1 + 0(1)). (14) 



In particular we have w' = p(l + o(l)) so that, applying pip, we get 

\B\ < \B n>p (w')\ = Vol (S n (w')) (1 + o(l)) = Vol (S n ) w' n {l + o(l)) 



Now JTU) and © give: 



Vol (S n H) ^(1 + (1)) = 1^(^)1^(1 + o(l)). 



\ n/2 

1 + ^J (l + o(l)). 
Together with p3p we obtain the following bound on N2(w) = \ A\: 

2ten 

N 2 (w) < — \B njP (w)\(l + o(l)). 
Now choose t = {2eir)~ l so as to minimize e 2ten /4tp and we get: 

2 

N 2 (w)<^\B n , p (w)\(l + o(l)). (15) 

3.4 Proof of Theorem [T] and Corollary [2] 

We are now ready to prove the main result. 

Proof of Theorem^ Choose p as in Lemma@]and choose w such that Vol (S n (w)) = cnp n / 2 , 
c a constant to be determined later. This clearly implies w = p(l + o(l)) so that, by pip , we 
have \B n ^ p {w)\ = cnp n l 2 (\ + o(l)). The upper bounds (|T2*|) and (fTo^l apply and (fTU|) yields: 

1 „1— n/2 rf-n/2 

P(X(w) > 0) < ATi + N 2 {w)^ + |B„, P H|- 

2 n n 

1 e 2 7r 
<- + — c + c + o(l). 

We obtain therefore ~P{X(w) > 0) < 1 for n large enough and 

2-1 

c < f- » 0.064. 

2 + e 2 7r 

We have proved that for such a value of c, some double circulant codes with minimum norm 
d > w must exist. I 

Proof of Corollary^ Let C be the code in Theorem ^ By inequality (JSJ), since cnp n l 2 < 
\B np (d)\, the quantity d+ y/n/2 must be greater than the radius of a Euclidean ball of volume 
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cnp n l 2 . As before, by equality (J2J), the code's minimum norm d must be greater than y/pn 
multiplied by a constant, so that the term (1 + \/n/2d)~ n in (jJJ converges to 1 when n — ► oo, 
since y/p/n —* oo. Therefore (J7J) yields the announced density for the lattice deduced from 
the code C by construction A. 

Construction A preserves the automorphism group of the code in the lattice. The con- 
struction complexity is simply that of going over all double circulant codes of length n over ¥ p 
(there are pa of them), and checking, by exhaustive search over the p? codevectors, whether 
they contain a vector of norm less than the required bound. The resulting complexity equals 
therefore p n times quantities of a lesser order of magnitude, i.e. p n ( 1+0 W) which is not more, 
by Lemma H than 2 2L ( 1 +°( 1 )) nl °g2( n ). I 

4 Concluding comments 

• The proof of Theorem ^ shows that, by lowering the value of c, we can make all the 
contributions to the probability of the existence of a codevector of weight < w vanish, 
except for the codevectors of type 1. In other words, for small values of the constant c, 
the asymptotic probability that the double circulant code-random lattice yields a pack- 
ing of density less than cn2~ n equals the non-vanishing probability (not more than 
1 — that codevectors of type 1 exist. When this happens, not only does the packing 
density drop below cn2~ n , but it drops below the Minkowski density altogether. In 
contrast, typical random lattice packings have a density of order l/2 n jllj . 

• The action of the automorphism group of the lattices presented here is not transitive 
on the set of coordinates, it has two orbits. Can one construct dense lattices with a 
transitive automorphism group ? 

• The automorphism group here has size (at least) n. Could alternative constructions 
yield an automorphism group of guaranteed larger size (potentially resulting in increased 
packing densities) ? 
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